Use Case: You have created an API user and a Connected App and you want to validate the connectivity before sending the credentials to the third-party application.
Before diving into the details, let’s recap and remind the basics around integrations.
Integrating your Salesforce application to an external application is always an additional risk for the security and the integrity of your data.
You should strive to mitigate these risks along the implementation of the integration.
Start with the way you set up the API user: have a look at the following guidance on how to set up your integration user in a secure and scalable manner.
Your Connected App should be set up to support OAuth Settings. You can simply follow the official Salesforce article to understand the steps to follow. On top of these steps, I strongly recommend that you define secure policies for your Connected App: limit the authorized users who can access it by restricting access at the profile level or at the permission set level, for instance.
Let’s build that and test the connectivity using Postman.
Create your API User and your Connected App
Here is the result of a basic setup of the Connected App with OAuth 2.0.
Test with Postman the OAuth 2.0 Username-Password Authentication Flow
Salesforce supports different OAuth authorization flows depending on your use case. You can find the full list here with associated use cases.
In this article we will be testing the Username-Password Flow. You can test any other flow using the same approach, and adjusting the expected parameters. You can also test the connectivity using another tool such as Chrome Advanced REST client or any other REST client.
Collect User and Connected App information
Collect the following information to be able to test the authentication:
Action | Parameter Key | Parameter Value |
---|---|---|
API User Username | username | john.smith@salesforce4ever.com |
API User Password + API User Security Token | password | SALESFORCE4EVERCec3eMYTdZBzf656ZTMRzyOO |
ConnectedApp Client ID | client_id | 3MVG9SOw8KERNN0.4kGQNIb0Gfruis0VbHVgC.9oK7xszCmmKbskga7Eekflhz3Xz4QIDQh_9Dn1BMJUcjCrp |
ConnectedApp Client Secret | client_secret | CDB8E7E96CF700DAA6B9F8ED833A1D9DB4599CB1EE454529988B6293A1048AB3 |
Constant Grant Type | grant_type | password |
Concatenate your User Security Token with your Password. Whenever possible, activate IP Filtering at the profile level: this way you don’t have to generate and use a Security Token.
Create a new basic Request in Postman and set the parameters
Launch Postman, create a basic Request, and define the folder where you want to save it.
In order to test the authentication flow, we will request a token to Salesforce. This token will then be usable in all subsequent calls to access or manipulate the data. For OAuth 2.0 flows, the endpoint to request a token is https://login.salesforce.com/services/oauth2/token (for Production org or Developer org) or https://test.salesforce.com/services/oauth2/token (for sandboxes) and your HTTP Request must be a POST.
Don’t change login.salesforce.com or test.salesforce.com with your Domain name!
Follow the below steps:
- Change the Request type from GET to POST
- Paste one of the endpoints below, matching the type of Org you are testing the connectivity on
- https://login.salesforce.com/services/oauth2/token
- https://test.salesforce.com/services/oauth2/token
- In the Params tab below, enter in the Key column the 5 Parameter Keys (see table above)
- Associated to each key, enter your own values
You should have something looking like this:
Execute the REST call
Click on the Send button next to the endpoint.
If the connectivity is working fine, you will get an access_token as well as other information such as the instance_url, which is nothing more than your Domain name.
You can provide all this information to the third-party application so that they can authenticate to your Org!
Going further…
Once authorized, you can test and validate the permissions at the record level or even field level, thereby testing the permissions the API user has.
In order to do so, let’s create another Get Request in Postman and follow the instructions below. We will execute a simple SOQL Query through a REST call.
In the Request URL field, enter the endpoint
Action | Endpoint Value |
---|---|
Concatenate the instance_url value from the previous authentication call with the service you want to call (here, to run a SOQL query) | https://resourceful-hawk-hwli5q-dev-ed.my.salesforce.com/services/data/v50.0/query/ |
In the Params tab
Action | Parameter Key | Parameter Value |
---|---|---|
Enter your SOQL Query | q | SELECT ID FROM ACCOUNT |
In the Headers tab
Action | Parameter Key | Parameter Value |
---|---|---|
Enter the token_type with the access_token value from the previous authentication call, with a space between. | Authorization | Bearer 00D09000002VhIj!ARUAQKVSARnQSgoQFVtPO9RxsMLD1jUiLVDhyOSbzYJsCF4j5WjZgNdQX3d.23XpH4h74Vctc1tq6k9Wsh29OGX5nGl0EuKu |
Click Send and you should get the following type of result.
Here it is!
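The same two calls, scripted instead of clicked through in Postman, as an added example that is not part of the original article. It builds the token POST for the Username-Password flow (login.salesforce.com or test.salesforce.com, never your Domain), appends the Security Token to the password as described above, parses the token response, and then builds the SOQL query GET with the `token_type access_token` Authorization header. Credentials are read from environment variables whose names (SF_USERNAME, SF_PASSWORD, SF_SECURITY_TOKEN, SF_CLIENT_ID, SF_CLIENT_SECRET, SF_ORG_TYPE) are my own choice, and the embedded token response is constructed so the request-building and parsing parts can be exercised without an org.

```python
"""Constructed example: Salesforce OAuth 2.0 username-password token request
followed by a SOQL query, using only the standard library. Not part of the
original article; environment variable names and the sample token response
are assumptions made for this example."""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Token endpoints per org type. The article stresses that these hosts, not
# the org's own Domain name, must be used for the token request.
LOGIN_HOSTS = {
    "production": "https://login.salesforce.com",   # production and Developer orgs
    "sandbox": "https://test.salesforce.com",        # sandboxes
}


def token_endpoint(org_type):
    """Return the /services/oauth2/token URL for 'production' or 'sandbox'."""
    try:
        return LOGIN_HOSTS[org_type] + "/services/oauth2/token"
    except KeyError:
        raise ValueError("org_type must be 'production' or 'sandbox'")


def build_token_request(org_type, username, password, security_token,
                        client_id, client_secret):
    """Assemble the five form parameters from the article's table.
    The Security Token is concatenated to the password; pass an empty string
    when profile IP filtering makes the token unnecessary."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password + security_token,
    }
    return token_endpoint(org_type), urllib.parse.urlencode(form).encode()


def parse_token_response(body):
    """Keep the fields later calls need, or raise with Salesforce's error code
    (e.g. invalid_grant for a bad password/token or a user the Connected App
    policies do not allow)."""
    data = json.loads(body)
    if "error" in data:
        raise PermissionError(f"{data['error']}: {data.get('error_description', '')}")
    return {
        "access_token": data["access_token"],
        "instance_url": data["instance_url"],
        "token_type": data.get("token_type", "Bearer"),
    }


def build_query_request(session, soql, api_version="v50.0"):
    """Build the GET against instance_url + /services/data/<version>/query/
    with the 'token_type access_token' Authorization header."""
    url = (f"{session['instance_url']}/services/data/{api_version}/query/?"
           + urllib.parse.urlencode({"q": soql}))
    headers = {"Authorization": f"{session['token_type']} {session['access_token']}"}
    return url, headers


def http(url, data=None, headers=None):
    """POST when a body is given, otherwise GET. Salesforce answers 400/401
    with a JSON error body, so that body is returned rather than lost."""
    req = urllib.request.Request(url, data=data, headers=headers or {},
                                 method="POST" if data else "GET")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.read().decode()


# Constructed sample token response (all values made up) for offline checks.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "00Dxx0000000000!AQEAQEXAMPLETOKEN",
    "instance_url": "https://example-dev-ed.my.salesforce.com",
    "token_type": "Bearer",
    "issued_at": "1600000000000",
    "signature": "constructed",
})

if __name__ == "__main__":
    url, body = build_token_request(
        os.environ.get("SF_ORG_TYPE", "production"),
        os.environ["SF_USERNAME"], os.environ["SF_PASSWORD"],
        os.environ.get("SF_SECURITY_TOKEN", ""),
        os.environ["SF_CLIENT_ID"], os.environ["SF_CLIENT_SECRET"],
    )
    session = parse_token_response(http(url, data=body))
    query_url, query_headers = build_query_request(session, "SELECT Id FROM Account")
    print(http(query_url, headers=query_headers))
```

Run it with the environment variables set; a wrong password, a missing Security Token or a user excluded by the Connected App policies surfaces as a `PermissionError` carrying Salesforce's `error` value, which is the same information Postman shows in the response pane.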
You know all the basics to adapt to your own situation, and test before sharing with the external application team.
Nice explanation, any chance you can show us JWT flow?
Hi Fabian, thanks for your feedback. Yes I’ll publish the same tuto for JWT flow over the month. Stay tuned!